mirror of https://github.com/openssl/openssl
Use an enum for the return value from a construction function
Construction return values are no longer boolean but can return 3 different values, so we use an enum to represent them. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18990)
This commit is contained in:
parent
3e93c5fe1e
commit
67ec6d2b74
|
@ -806,11 +806,11 @@ static SUB_STATE_RETURN write_state_machine(SSL_CONNECTION *s)
|
|||
WORK_STATE(*pre_work) (SSL_CONNECTION *s, WORK_STATE wst);
|
||||
WORK_STATE(*post_work) (SSL_CONNECTION *s, WORK_STATE wst);
|
||||
int (*get_construct_message_f) (SSL_CONNECTION *s,
|
||||
int (**confunc) (SSL_CONNECTION *s,
|
||||
WPACKET *pkt),
|
||||
CON_FUNC_RETURN (**confunc) (SSL_CONNECTION *s,
|
||||
WPACKET *pkt),
|
||||
int *mt);
|
||||
void (*cb) (const SSL *ssl, int type, int val) = NULL;
|
||||
int (*confunc) (SSL_CONNECTION *s, WPACKET *pkt);
|
||||
CON_FUNC_RETURN (*confunc) (SSL_CONNECTION *s, WPACKET *pkt);
|
||||
int mt;
|
||||
WPACKET pkt;
|
||||
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
|
||||
|
@ -889,14 +889,14 @@ static SUB_STATE_RETURN write_state_machine(SSL_CONNECTION *s)
|
|||
return SUB_STATE_ERROR;
|
||||
}
|
||||
if (confunc != NULL) {
|
||||
int tmpret;
|
||||
CON_FUNC_RETURN tmpret;
|
||||
|
||||
tmpret = confunc(s, &pkt);
|
||||
if (tmpret <= 0) {
|
||||
if (tmpret == CON_FUNC_ERROR) {
|
||||
WPACKET_cleanup(&pkt);
|
||||
check_fatal(s);
|
||||
return SUB_STATE_ERROR;
|
||||
} else if (tmpret == 2) {
|
||||
} else if (tmpret == CON_FUNC_DONT_SEND) {
|
||||
/*
|
||||
* The construction function decided not to construct the
|
||||
* message after all and continue. Skip sending.
|
||||
|
|
|
@ -80,6 +80,12 @@ typedef enum {
|
|||
ENC_WRITE_STATE_WRITE_PLAIN_ALERTS
|
||||
} ENC_WRITE_STATES;
|
||||
|
||||
typedef enum {
|
||||
CON_FUNC_ERROR = 0,
|
||||
CON_FUNC_SUCCESS,
|
||||
CON_FUNC_DONT_SEND
|
||||
} CON_FUNC_RETURN;
|
||||
|
||||
/*****************************************************************************
|
||||
* *
|
||||
* This structure should be considered "opaque" to anything outside of the *
|
||||
|
|
|
@ -1098,7 +1098,7 @@ WORK_STATE ossl_statem_client_post_process_message(SSL_CONNECTION *s,
|
|||
}
|
||||
}
|
||||
|
||||
int tls_construct_client_hello(SSL_CONNECTION *s, WPACKET *pkt)
|
||||
CON_FUNC_RETURN tls_construct_client_hello(SSL_CONNECTION *s, WPACKET *pkt)
|
||||
{
|
||||
unsigned char *p;
|
||||
size_t sess_id_len;
|
||||
|
@ -1114,7 +1114,7 @@ int tls_construct_client_hello(SSL_CONNECTION *s, WPACKET *pkt)
|
|||
protverr = ssl_set_client_hello_version(s);
|
||||
if (protverr != 0) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, protverr);
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
|
||||
if (sess == NULL
|
||||
|
@ -1123,7 +1123,7 @@ int tls_construct_client_hello(SSL_CONNECTION *s, WPACKET *pkt)
|
|||
if (s->hello_retry_request == SSL_HRR_NONE
|
||||
&& !ssl_get_new_session(s, 0)) {
|
||||
/* SSLfatal() already called */
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
}
|
||||
/* else use the pre-loaded session */
|
||||
|
@ -1150,7 +1150,7 @@ int tls_construct_client_hello(SSL_CONNECTION *s, WPACKET *pkt)
|
|||
if (i && ssl_fill_hello_random(s, 0, p, sizeof(s->s3.client_random),
|
||||
DOWNGRADE_NONE) <= 0) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
|
||||
/*-
|
||||
|
@ -1189,7 +1189,7 @@ int tls_construct_client_hello(SSL_CONNECTION *s, WPACKET *pkt)
|
|||
if (!WPACKET_put_bytes_u16(pkt, s->client_version)
|
||||
|| !WPACKET_memcpy(pkt, s->s3.client_random, SSL3_RANDOM_SIZE)) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
|
||||
/* Session ID */
|
||||
|
@ -1204,7 +1204,7 @@ int tls_construct_client_hello(SSL_CONNECTION *s, WPACKET *pkt)
|
|||
&& RAND_bytes_ex(sctx->libctx, s->tmp_session_id,
|
||||
sess_id_len, 0) <= 0) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
} else {
|
||||
sess_id_len = 0;
|
||||
|
@ -1222,7 +1222,7 @@ int tls_construct_client_hello(SSL_CONNECTION *s, WPACKET *pkt)
|
|||
sess_id_len))
|
||||
|| !WPACKET_close(pkt)) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
|
||||
/* cookie stuff for DTLS */
|
||||
|
@ -1231,30 +1231,30 @@ int tls_construct_client_hello(SSL_CONNECTION *s, WPACKET *pkt)
|
|||
|| !WPACKET_sub_memcpy_u8(pkt, s->d1->cookie,
|
||||
s->d1->cookie_len)) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
/* Ciphers supported */
|
||||
if (!WPACKET_start_sub_packet_u16(pkt)) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
|
||||
if (!ssl_cipher_list_to_bytes(s, SSL_get_ciphers(SSL_CONNECTION_GET_SSL(s)),
|
||||
pkt)) {
|
||||
/* SSLfatal() already called */
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
if (!WPACKET_close(pkt)) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
|
||||
/* COMPRESSION */
|
||||
if (!WPACKET_start_sub_packet_u8(pkt)) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
#ifndef OPENSSL_NO_COMP
|
||||
if (ssl_allow_compression(s)
|
||||
|
@ -1266,7 +1266,7 @@ int tls_construct_client_hello(SSL_CONNECTION *s, WPACKET *pkt)
|
|||
comp = sk_SSL_COMP_value(sctx->comp_methods, i);
|
||||
if (!WPACKET_put_bytes_u8(pkt, comp->id)) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -1274,16 +1274,16 @@ int tls_construct_client_hello(SSL_CONNECTION *s, WPACKET *pkt)
|
|||
/* Add the NULL method */
|
||||
if (!WPACKET_put_bytes_u8(pkt, 0) || !WPACKET_close(pkt)) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
|
||||
/* TLS extensions */
|
||||
if (!tls_construct_extensions(s, pkt, SSL_EXT_CLIENT_HELLO, NULL, 0)) {
|
||||
/* SSLfatal() already called */
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
|
||||
return 1;
|
||||
return CON_FUNC_SUCCESS;
|
||||
}
|
||||
|
||||
MSG_PROCESS_RETURN dtls_process_hello_verify(SSL_CONNECTION *s, PACKET *pkt)
|
||||
|
@ -3315,7 +3315,8 @@ static int tls_construct_cke_srp(SSL_CONNECTION *s, WPACKET *pkt)
|
|||
#endif
|
||||
}
|
||||
|
||||
int tls_construct_client_key_exchange(SSL_CONNECTION *s, WPACKET *pkt)
|
||||
CON_FUNC_RETURN tls_construct_client_key_exchange(SSL_CONNECTION *s,
|
||||
WPACKET *pkt)
|
||||
{
|
||||
unsigned long alg_k;
|
||||
|
||||
|
@ -3352,7 +3353,7 @@ int tls_construct_client_key_exchange(SSL_CONNECTION *s, WPACKET *pkt)
|
|||
goto err;
|
||||
}
|
||||
|
||||
return 1;
|
||||
return CON_FUNC_SUCCESS;
|
||||
err:
|
||||
OPENSSL_clear_free(s->s3.tmp.pms, s->s3.tmp.pmslen);
|
||||
s->s3.tmp.pms = NULL;
|
||||
|
@ -3362,7 +3363,7 @@ int tls_construct_client_key_exchange(SSL_CONNECTION *s, WPACKET *pkt)
|
|||
s->s3.tmp.psk = NULL;
|
||||
s->s3.tmp.psklen = 0;
|
||||
#endif
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
|
||||
int tls_client_key_exchange_post_work(SSL_CONNECTION *s)
|
||||
|
@ -3538,7 +3539,8 @@ WORK_STATE tls_prepare_client_certificate(SSL_CONNECTION *s, WORK_STATE wst)
|
|||
return WORK_ERROR;
|
||||
}
|
||||
|
||||
int tls_construct_client_certificate(SSL_CONNECTION *s, WPACKET *pkt)
|
||||
CON_FUNC_RETURN tls_construct_client_certificate(SSL_CONNECTION *s,
|
||||
WPACKET *pkt)
|
||||
{
|
||||
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
|
||||
|
||||
|
@ -3547,18 +3549,18 @@ int tls_construct_client_certificate(SSL_CONNECTION *s, WPACKET *pkt)
|
|||
/* no context available, add 0-length context */
|
||||
if (!WPACKET_put_bytes_u8(pkt, 0)) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
} else if (!WPACKET_sub_memcpy_u8(pkt, s->pha_context, s->pha_context_len)) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
}
|
||||
if (!ssl3_output_cert_chain(s, pkt,
|
||||
(s->s3.tmp.cert_req == 2) ? NULL
|
||||
: s->cert->key)) {
|
||||
/* SSLfatal() already called */
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
|
||||
if (SSL_CONNECTION_IS_TLS13(s)
|
||||
|
@ -3570,10 +3572,10 @@ int tls_construct_client_certificate(SSL_CONNECTION *s, WPACKET *pkt)
|
|||
* state and thus ssl3_send_alert may crash.
|
||||
*/
|
||||
SSLfatal(s, SSL_AD_NO_ALERT, SSL_R_CANNOT_CHANGE_CIPHER);
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
|
||||
return 1;
|
||||
return CON_FUNC_SUCCESS;
|
||||
}
|
||||
|
||||
int ssl3_check_cert_and_algorithm(SSL_CONNECTION *s)
|
||||
|
@ -3620,7 +3622,7 @@ int ssl3_check_cert_and_algorithm(SSL_CONNECTION *s)
|
|||
}
|
||||
|
||||
#ifndef OPENSSL_NO_NEXTPROTONEG
|
||||
int tls_construct_next_proto(SSL_CONNECTION *s, WPACKET *pkt)
|
||||
CON_FUNC_RETURN tls_construct_next_proto(SSL_CONNECTION *s, WPACKET *pkt)
|
||||
{
|
||||
size_t len, padding_len;
|
||||
unsigned char *padding = NULL;
|
||||
|
@ -3631,12 +3633,12 @@ int tls_construct_next_proto(SSL_CONNECTION *s, WPACKET *pkt)
|
|||
if (!WPACKET_sub_memcpy_u8(pkt, s->ext.npn, len)
|
||||
|| !WPACKET_sub_allocate_bytes_u8(pkt, padding_len, &padding)) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
|
||||
memset(padding, 0, padding_len);
|
||||
|
||||
return 1;
|
||||
return CON_FUNC_SUCCESS;
|
||||
}
|
||||
#endif
|
||||
|
||||
|
@ -3820,14 +3822,14 @@ int ssl_cipher_list_to_bytes(SSL_CONNECTION *s, STACK_OF(SSL_CIPHER) *sk,
|
|||
return 1;
|
||||
}
|
||||
|
||||
int tls_construct_end_of_early_data(SSL_CONNECTION *s, WPACKET *pkt)
|
||||
CON_FUNC_RETURN tls_construct_end_of_early_data(SSL_CONNECTION *s, WPACKET *pkt)
|
||||
{
|
||||
if (s->early_data_state != SSL_EARLY_DATA_WRITE_RETRY
|
||||
&& s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
|
||||
s->early_data_state = SSL_EARLY_DATA_FINISHED_WRITING;
|
||||
return 1;
|
||||
return CON_FUNC_SUCCESS;
|
||||
}
|
||||
|
|
|
@ -927,18 +927,19 @@ static int dtls_get_reassembled_message(SSL_CONNECTION *s, int *errtype,
|
|||
* ssl->session->read_compression assign
|
||||
* ssl->session->read_hash assign
|
||||
*/
|
||||
int dtls_construct_change_cipher_spec(SSL_CONNECTION *s, WPACKET *pkt)
|
||||
CON_FUNC_RETURN dtls_construct_change_cipher_spec(SSL_CONNECTION *s,
|
||||
WPACKET *pkt)
|
||||
{
|
||||
if (s->version == DTLS1_BAD_VER) {
|
||||
s->d1->next_handshake_write_seq++;
|
||||
|
||||
if (!WPACKET_put_bytes_u16(pkt, s->d1->handshake_write_seq)) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
return 1;
|
||||
return CON_FUNC_SUCCESS;
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_SCTP
|
||||
|
|
|
@ -268,7 +268,7 @@ static int get_cert_verify_tbs_data(SSL_CONNECTION *s, unsigned char *tls13tbs,
|
|||
return 1;
|
||||
}
|
||||
|
||||
int tls_construct_cert_verify(SSL_CONNECTION *s, WPACKET *pkt)
|
||||
CON_FUNC_RETURN tls_construct_cert_verify(SSL_CONNECTION *s, WPACKET *pkt)
|
||||
{
|
||||
EVP_PKEY *pkey = NULL;
|
||||
const EVP_MD *md = NULL;
|
||||
|
@ -386,11 +386,11 @@ int tls_construct_cert_verify(SSL_CONNECTION *s, WPACKET *pkt)
|
|||
|
||||
OPENSSL_free(sig);
|
||||
EVP_MD_CTX_free(mctx);
|
||||
return 1;
|
||||
return CON_FUNC_SUCCESS;
|
||||
err:
|
||||
OPENSSL_free(sig);
|
||||
EVP_MD_CTX_free(mctx);
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
|
||||
MSG_PROCESS_RETURN tls_process_cert_verify(SSL_CONNECTION *s, PACKET *pkt)
|
||||
|
@ -561,7 +561,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL_CONNECTION *s, PACKET *pkt)
|
|||
return ret;
|
||||
}
|
||||
|
||||
int tls_construct_finished(SSL_CONNECTION *s, WPACKET *pkt)
|
||||
CON_FUNC_RETURN tls_construct_finished(SSL_CONNECTION *s, WPACKET *pkt)
|
||||
{
|
||||
size_t finish_md_len;
|
||||
const char *sender;
|
||||
|
@ -582,7 +582,7 @@ int tls_construct_finished(SSL_CONNECTION *s, WPACKET *pkt)
|
|||
&& (!ssl->method->ssl3_enc->change_cipher_state(s,
|
||||
SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE))) {;
|
||||
/* SSLfatal() already called */
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
|
||||
if (s->server) {
|
||||
|
@ -598,14 +598,14 @@ int tls_construct_finished(SSL_CONNECTION *s, WPACKET *pkt)
|
|||
s->s3.tmp.finish_md);
|
||||
if (finish_md_len == 0) {
|
||||
/* SSLfatal() already called */
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
|
||||
s->s3.tmp.finish_md_len = finish_md_len;
|
||||
|
||||
if (!WPACKET_memcpy(pkt, s->s3.tmp.finish_md, finish_md_len)) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -616,7 +616,7 @@ int tls_construct_finished(SSL_CONNECTION *s, WPACKET *pkt)
|
|||
&& !ssl_log_secret(s, MASTER_SECRET_LABEL, s->session->master_key,
|
||||
s->session->master_key_length)) {
|
||||
/* SSLfatal() already called */
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -624,7 +624,7 @@ int tls_construct_finished(SSL_CONNECTION *s, WPACKET *pkt)
|
|||
*/
|
||||
if (!ossl_assert(finish_md_len <= EVP_MAX_MD_SIZE)) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
if (!s->server) {
|
||||
memcpy(s->s3.previous_client_finished, s->s3.tmp.finish_md,
|
||||
|
@ -636,18 +636,18 @@ int tls_construct_finished(SSL_CONNECTION *s, WPACKET *pkt)
|
|||
s->s3.previous_server_finished_len = finish_md_len;
|
||||
}
|
||||
|
||||
return 1;
|
||||
return CON_FUNC_SUCCESS;
|
||||
}
|
||||
|
||||
int tls_construct_key_update(SSL_CONNECTION *s, WPACKET *pkt)
|
||||
CON_FUNC_RETURN tls_construct_key_update(SSL_CONNECTION *s, WPACKET *pkt)
|
||||
{
|
||||
if (!WPACKET_put_bytes_u8(pkt, s->key_update)) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
|
||||
s->key_update = SSL_KEY_UPDATE_NONE;
|
||||
return 1;
|
||||
return CON_FUNC_SUCCESS;
|
||||
}
|
||||
|
||||
MSG_PROCESS_RETURN tls_process_key_update(SSL_CONNECTION *s, PACKET *pkt)
|
||||
|
@ -896,14 +896,14 @@ MSG_PROCESS_RETURN tls_process_finished(SSL_CONNECTION *s, PACKET *pkt)
|
|||
return MSG_PROCESS_FINISHED_READING;
|
||||
}
|
||||
|
||||
int tls_construct_change_cipher_spec(SSL_CONNECTION *s, WPACKET *pkt)
|
||||
CON_FUNC_RETURN tls_construct_change_cipher_spec(SSL_CONNECTION *s, WPACKET *pkt)
|
||||
{
|
||||
if (!WPACKET_put_bytes_u8(pkt, SSL3_MT_CCS)) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
|
||||
return 1;
|
||||
return CON_FUNC_SUCCESS;
|
||||
}
|
||||
|
||||
/* Add a certificate to the WPACKET */
|
||||
|
|
|
@ -54,7 +54,7 @@ typedef enum {
|
|||
MSG_PROCESS_CONTINUE_READING
|
||||
} MSG_PROCESS_RETURN;
|
||||
|
||||
typedef int (*confunc_f) (SSL_CONNECTION *s, WPACKET *pkt);
|
||||
typedef CON_FUNC_RETURN (*confunc_f) (SSL_CONNECTION *s, WPACKET *pkt);
|
||||
|
||||
int ssl3_take_mac(SSL_CONNECTION *s);
|
||||
int check_in_list(SSL_CONNECTION *s, uint16_t group_id, const uint16_t *groups,
|
||||
|
@ -111,11 +111,13 @@ __owur int tls_process_initial_server_flight(SSL_CONNECTION *s);
|
|||
__owur MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL_CONNECTION *s,
|
||||
PACKET *pkt);
|
||||
__owur MSG_PROCESS_RETURN tls_process_finished(SSL_CONNECTION *s, PACKET *pkt);
|
||||
__owur int tls_construct_change_cipher_spec(SSL_CONNECTION *s, WPACKET *pkt);
|
||||
__owur int dtls_construct_change_cipher_spec(SSL_CONNECTION *s, WPACKET *pkt);
|
||||
__owur CON_FUNC_RETURN tls_construct_change_cipher_spec(SSL_CONNECTION *s,
|
||||
WPACKET *pkt);
|
||||
__owur CON_FUNC_RETURN dtls_construct_change_cipher_spec(SSL_CONNECTION *s,
|
||||
WPACKET *pkt);
|
||||
|
||||
__owur int tls_construct_finished(SSL_CONNECTION *s, WPACKET *pkt);
|
||||
__owur int tls_construct_key_update(SSL_CONNECTION *s, WPACKET *pkt);
|
||||
__owur CON_FUNC_RETURN tls_construct_finished(SSL_CONNECTION *s, WPACKET *pkt);
|
||||
__owur CON_FUNC_RETURN tls_construct_key_update(SSL_CONNECTION *s, WPACKET *pkt);
|
||||
__owur MSG_PROCESS_RETURN tls_process_key_update(SSL_CONNECTION *s,
|
||||
PACKET *pkt);
|
||||
__owur WORK_STATE tls_finish_handshake(SSL_CONNECTION *s, WORK_STATE wst,
|
||||
|
@ -123,7 +125,8 @@ __owur WORK_STATE tls_finish_handshake(SSL_CONNECTION *s, WORK_STATE wst,
|
|||
__owur WORK_STATE dtls_wait_for_dry(SSL_CONNECTION *s);
|
||||
|
||||
/* some client-only functions */
|
||||
__owur int tls_construct_client_hello(SSL_CONNECTION *s, WPACKET *pkt);
|
||||
__owur CON_FUNC_RETURN tls_construct_client_hello(SSL_CONNECTION *s,
|
||||
WPACKET *pkt);
|
||||
__owur MSG_PROCESS_RETURN tls_process_server_hello(SSL_CONNECTION *s,
|
||||
PACKET *pkt);
|
||||
__owur MSG_PROCESS_RETURN tls_process_certificate_request(SSL_CONNECTION *s,
|
||||
|
@ -135,16 +138,20 @@ __owur MSG_PROCESS_RETURN tls_process_cert_status(SSL_CONNECTION *s,
|
|||
PACKET *pkt);
|
||||
__owur MSG_PROCESS_RETURN tls_process_server_done(SSL_CONNECTION *s,
|
||||
PACKET *pkt);
|
||||
__owur int tls_construct_cert_verify(SSL_CONNECTION *s, WPACKET *pkt);
|
||||
__owur CON_FUNC_RETURN tls_construct_cert_verify(SSL_CONNECTION *s,
|
||||
WPACKET *pkt);
|
||||
__owur WORK_STATE tls_prepare_client_certificate(SSL_CONNECTION *s,
|
||||
WORK_STATE wst);
|
||||
__owur int tls_construct_client_certificate(SSL_CONNECTION *s, WPACKET *pkt);
|
||||
__owur CON_FUNC_RETURN tls_construct_client_certificate(SSL_CONNECTION *s,
|
||||
WPACKET *pkt);
|
||||
__owur int ssl_do_client_cert_cb(SSL_CONNECTION *s, X509 **px509,
|
||||
EVP_PKEY **ppkey);
|
||||
__owur int tls_construct_client_key_exchange(SSL_CONNECTION *s, WPACKET *pkt);
|
||||
__owur CON_FUNC_RETURN tls_construct_client_key_exchange(SSL_CONNECTION *s,
|
||||
WPACKET *pkt);
|
||||
__owur int tls_client_key_exchange_post_work(SSL_CONNECTION *s);
|
||||
__owur int tls_construct_cert_status_body(SSL_CONNECTION *s, WPACKET *pkt);
|
||||
__owur int tls_construct_cert_status(SSL_CONNECTION *s, WPACKET *pkt);
|
||||
__owur CON_FUNC_RETURN tls_construct_cert_status(SSL_CONNECTION *s,
|
||||
WPACKET *pkt);
|
||||
__owur MSG_PROCESS_RETURN tls_process_key_exchange(SSL_CONNECTION *s,
|
||||
PACKET *pkt);
|
||||
__owur MSG_PROCESS_RETURN tls_process_server_certificate(SSL_CONNECTION *s,
|
||||
|
@ -153,23 +160,30 @@ __owur WORK_STATE tls_post_process_server_certificate(SSL_CONNECTION *s,
|
|||
WORK_STATE wst);
|
||||
__owur int ssl3_check_cert_and_algorithm(SSL_CONNECTION *s);
|
||||
#ifndef OPENSSL_NO_NEXTPROTONEG
|
||||
__owur int tls_construct_next_proto(SSL_CONNECTION *s, WPACKET *pkt);
|
||||
__owur CON_FUNC_RETURN tls_construct_next_proto(SSL_CONNECTION *s, WPACKET *pkt);
|
||||
#endif
|
||||
__owur MSG_PROCESS_RETURN tls_process_hello_req(SSL_CONNECTION *s, PACKET *pkt);
|
||||
__owur MSG_PROCESS_RETURN dtls_process_hello_verify(SSL_CONNECTION *s, PACKET *pkt);
|
||||
__owur int tls_construct_end_of_early_data(SSL_CONNECTION *s, WPACKET *pkt);
|
||||
__owur CON_FUNC_RETURN tls_construct_end_of_early_data(SSL_CONNECTION *s,
|
||||
WPACKET *pkt);
|
||||
|
||||
/* some server-only functions */
|
||||
__owur MSG_PROCESS_RETURN tls_process_client_hello(SSL_CONNECTION *s,
|
||||
PACKET *pkt);
|
||||
__owur WORK_STATE tls_post_process_client_hello(SSL_CONNECTION *s,
|
||||
WORK_STATE wst);
|
||||
__owur int tls_construct_server_hello(SSL_CONNECTION *s, WPACKET *pkt);
|
||||
__owur int dtls_construct_hello_verify_request(SSL_CONNECTION *s, WPACKET *pkt);
|
||||
__owur int tls_construct_server_certificate(SSL_CONNECTION *s, WPACKET *pkt);
|
||||
__owur int tls_construct_server_key_exchange(SSL_CONNECTION *s, WPACKET *pkt);
|
||||
__owur int tls_construct_certificate_request(SSL_CONNECTION *s, WPACKET *pkt);
|
||||
__owur int tls_construct_server_done(SSL_CONNECTION *s, WPACKET *pkt);
|
||||
__owur CON_FUNC_RETURN tls_construct_server_hello(SSL_CONNECTION *s,
|
||||
WPACKET *pkt);
|
||||
__owur CON_FUNC_RETURN dtls_construct_hello_verify_request(SSL_CONNECTION *s,
|
||||
WPACKET *pkt);
|
||||
__owur CON_FUNC_RETURN tls_construct_server_certificate(SSL_CONNECTION *s,
|
||||
WPACKET *pkt);
|
||||
__owur CON_FUNC_RETURN tls_construct_server_key_exchange(SSL_CONNECTION *s,
|
||||
WPACKET *pkt);
|
||||
__owur CON_FUNC_RETURN tls_construct_certificate_request(SSL_CONNECTION *s,
|
||||
WPACKET *pkt);
|
||||
__owur CON_FUNC_RETURN tls_construct_server_done(SSL_CONNECTION *s,
|
||||
WPACKET *pkt);
|
||||
__owur MSG_PROCESS_RETURN tls_process_client_certificate(SSL_CONNECTION *s,
|
||||
PACKET *pkt);
|
||||
__owur MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL_CONNECTION *s,
|
||||
|
@ -182,7 +196,8 @@ __owur MSG_PROCESS_RETURN tls_process_cert_verify(SSL_CONNECTION *s,
|
|||
__owur MSG_PROCESS_RETURN tls_process_next_proto(SSL_CONNECTION *s,
|
||||
PACKET *pkt);
|
||||
#endif
|
||||
__owur int tls_construct_new_session_ticket(SSL_CONNECTION *s, WPACKET *pkt);
|
||||
__owur CON_FUNC_RETURN tls_construct_new_session_ticket(SSL_CONNECTION *s,
|
||||
WPACKET *pkt);
|
||||
MSG_PROCESS_RETURN tls_process_end_of_early_data(SSL_CONNECTION *s,
|
||||
PACKET *pkt);
|
||||
|
||||
|
|
|
@ -43,7 +43,8 @@ ASN1_SEQUENCE(GOST_KX_MESSAGE) = {
|
|||
|
||||
IMPLEMENT_ASN1_FUNCTIONS(GOST_KX_MESSAGE)
|
||||
|
||||
static int tls_construct_encrypted_extensions(SSL_CONNECTION *s, WPACKET *pkt);
|
||||
static CON_FUNC_RETURN tls_construct_encrypted_extensions(SSL_CONNECTION *s,
|
||||
WPACKET *pkt);
|
||||
|
||||
/*
|
||||
* ossl_statem_server13_read_transition() encapsulates the logic for the allowed
|
||||
|
@ -1291,7 +1292,8 @@ int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie,
|
|||
return 1;
|
||||
}
|
||||
|
||||
int dtls_construct_hello_verify_request(SSL_CONNECTION *s, WPACKET *pkt)
|
||||
CON_FUNC_RETURN dtls_construct_hello_verify_request(SSL_CONNECTION *s,
|
||||
WPACKET *pkt)
|
||||
{
|
||||
unsigned int cookie_leni;
|
||||
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
|
||||
|
@ -1301,17 +1303,17 @@ int dtls_construct_hello_verify_request(SSL_CONNECTION *s, WPACKET *pkt)
|
|||
&cookie_leni) == 0
|
||||
|| cookie_leni > DTLS1_COOKIE_LENGTH) {
|
||||
SSLfatal(s, SSL_AD_NO_ALERT, SSL_R_COOKIE_GEN_CALLBACK_FAILURE);
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
s->d1->cookie_len = cookie_leni;
|
||||
|
||||
if (!dtls_raw_hello_verify_request(pkt, s->d1->cookie,
|
||||
s->d1->cookie_len)) {
|
||||
SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
|
||||
return 1;
|
||||
return CON_FUNC_SUCCESS;
|
||||
}
|
||||
|
||||
/*-
|
||||
|
@ -2318,7 +2320,7 @@ WORK_STATE tls_post_process_client_hello(SSL_CONNECTION *s, WORK_STATE wst)
|
|||
return WORK_ERROR;
|
||||
}
|
||||
|
||||
int tls_construct_server_hello(SSL_CONNECTION *s, WPACKET *pkt)
|
||||
CON_FUNC_RETURN tls_construct_server_hello(SSL_CONNECTION *s, WPACKET *pkt)
|
||||
{
|
||||
int compm;
|
||||
size_t sl, len;
|
||||
|
@ -2338,7 +2340,7 @@ int tls_construct_server_hello(SSL_CONNECTION *s, WPACKET *pkt)
|
|||
? hrrrandom : s->s3.server_random,
|
||||
SSL3_RANDOM_SIZE)) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
|
||||
/*-
|
||||
|
@ -2374,7 +2376,7 @@ int tls_construct_server_hello(SSL_CONNECTION *s, WPACKET *pkt)
|
|||
|
||||
if (sl > sizeof(s->session->session_id)) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
|
||||
/* set up the compression method */
|
||||
|
@ -2392,7 +2394,7 @@ int tls_construct_server_hello(SSL_CONNECTION *s, WPACKET *pkt)
|
|||
pkt, &len)
|
||||
|| !WPACKET_put_bytes_u8(pkt, compm)) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
|
||||
if (!tls_construct_extensions(s, pkt,
|
||||
|
@ -2403,7 +2405,7 @@ int tls_construct_server_hello(SSL_CONNECTION *s, WPACKET *pkt)
|
|||
: SSL_EXT_TLS1_2_SERVER_HELLO),
|
||||
NULL, 0)) {
|
||||
/* SSLfatal() already called */
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
|
||||
if (s->hello_retry_request == SSL_HRR_PENDING) {
|
||||
|
@ -2418,29 +2420,30 @@ int tls_construct_server_hello(SSL_CONNECTION *s, WPACKET *pkt)
|
|||
*/
|
||||
if (!create_synthetic_message_hash(s, NULL, 0, NULL, 0)) {
|
||||
/* SSLfatal() already called */
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
} else if (!(s->verify_mode & SSL_VERIFY_PEER)
|
||||
&& !ssl3_digest_cached_records(s, 0)) {
|
||||
/* SSLfatal() already called */;
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
|
||||
return 1;
|
||||
return CON_FUNC_SUCCESS;
|
||||
}
|
||||
|
||||
int tls_construct_server_done(SSL_CONNECTION *s, WPACKET *pkt)
|
||||
CON_FUNC_RETURN tls_construct_server_done(SSL_CONNECTION *s, WPACKET *pkt)
|
||||
{
|
||||
if (!s->s3.tmp.cert_request) {
|
||||
if (!ssl3_digest_cached_records(s, 0)) {
|
||||
/* SSLfatal() already called */
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
}
|
||||
return 1;
|
||||
return CON_FUNC_SUCCESS;
|
||||
}
|
||||
|
||||
int tls_construct_server_key_exchange(SSL_CONNECTION *s, WPACKET *pkt)
|
||||
CON_FUNC_RETURN tls_construct_server_key_exchange(SSL_CONNECTION *s,
|
||||
WPACKET *pkt)
|
||||
{
|
||||
EVP_PKEY *pkdh = NULL;
|
||||
unsigned char *encodedPoint = NULL;
|
||||
|
@ -2453,7 +2456,8 @@ int tls_construct_server_key_exchange(SSL_CONNECTION *s, WPACKET *pkt)
|
|||
EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
|
||||
EVP_PKEY_CTX *pctx = NULL;
|
||||
size_t paramlen, paramoffset;
|
||||
int freer = 0, ret = 0;
|
||||
int freer = 0;
|
||||
CON_FUNC_RETURN ret = CON_FUNC_ERROR;
|
||||
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
|
||||
|
||||
if (!WPACKET_get_total_written(pkt, ¶moffset)) {
|
||||
|
@ -2735,7 +2739,7 @@ int tls_construct_server_key_exchange(SSL_CONNECTION *s, WPACKET *pkt)
|
|||
OPENSSL_free(tbs);
|
||||
}
|
||||
|
||||
ret = 1;
|
||||
ret = CON_FUNC_SUCCESS;
|
||||
err:
|
||||
EVP_PKEY_free(pkdh);
|
||||
OPENSSL_free(encodedPoint);
|
||||
|
@ -2749,7 +2753,8 @@ int tls_construct_server_key_exchange(SSL_CONNECTION *s, WPACKET *pkt)
|
|||
return ret;
|
||||
}
|
||||
|
||||
int tls_construct_certificate_request(SSL_CONNECTION *s, WPACKET *pkt)
|
||||
CON_FUNC_RETURN tls_construct_certificate_request(SSL_CONNECTION *s,
|
||||
WPACKET *pkt)
|
||||
{
|
||||
if (SSL_CONNECTION_IS_TLS13(s)) {
|
||||
/* Send random context when doing post-handshake auth */
|
||||
|
@ -2759,24 +2764,24 @@ int tls_construct_certificate_request(SSL_CONNECTION *s, WPACKET *pkt)
|
|||
if ((s->pha_context = OPENSSL_malloc(s->pha_context_len)) == NULL) {
|
||||
s->pha_context_len = 0;
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
if (RAND_bytes_ex(SSL_CONNECTION_GET_CTX(s)->libctx,
|
||||
s->pha_context, s->pha_context_len, 0) <= 0
|
||||
|| !WPACKET_sub_memcpy_u8(pkt, s->pha_context,
|
||||
s->pha_context_len)) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
/* reset the handshake hash back to just after the ClientFinished */
|
||||
if (!tls13_restore_handshake_digest_for_pha(s)) {
|
||||
/* SSLfatal() already called */
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
} else {
|
||||
if (!WPACKET_put_bytes_u8(pkt, 0)) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -2784,7 +2789,7 @@ int tls_construct_certificate_request(SSL_CONNECTION *s, WPACKET *pkt)
|
|||
SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, NULL,
|
||||
0)) {
|
||||
/* SSLfatal() already called */
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
goto done;
|
||||
}
|
||||
|
@ -2793,7 +2798,7 @@ int tls_construct_certificate_request(SSL_CONNECTION *s, WPACKET *pkt)
|
|||
if (!WPACKET_start_sub_packet_u8(pkt)
|
||||
|| !ssl3_get_req_cert_type(s, pkt) || !WPACKET_close(pkt)) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
|
||||
if (SSL_USE_SIGALGS(s)) {
|
||||
|
@ -2805,19 +2810,19 @@ int tls_construct_certificate_request(SSL_CONNECTION *s, WPACKET *pkt)
|
|||
|| !tls12_copy_sigalgs(s, pkt, psigs, nl)
|
||||
|| !WPACKET_close(pkt)) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
if (!construct_ca_names(s, get_ca_names(s), pkt)) {
|
||||
/* SSLfatal() already called */
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
|
||||
done:
|
||||
s->certreqs_sent++;
|
||||
s->s3.tmp.cert_request = 1;
|
||||
return 1;
|
||||
return CON_FUNC_SUCCESS;
|
||||
}
|
||||
|
||||
static int tls_process_cke_psk_preamble(SSL_CONNECTION *s, PACKET *pkt)
|
||||
|
@ -3628,13 +3633,13 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL_CONNECTION *s,
|
|||
return ret;
|
||||
}
|
||||
|
||||
int tls_construct_server_certificate(SSL_CONNECTION *s, WPACKET *pkt)
|
||||
CON_FUNC_RETURN tls_construct_server_certificate(SSL_CONNECTION *s, WPACKET *pkt)
|
||||
{
|
||||
CERT_PKEY *cpk = s->s3.tmp.cert;
|
||||
|
||||
if (cpk == NULL) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -3643,14 +3648,14 @@ int tls_construct_server_certificate(SSL_CONNECTION *s, WPACKET *pkt)
|
|||
*/
|
||||
if (SSL_CONNECTION_IS_TLS13(s) && !WPACKET_put_bytes_u8(pkt, 0)) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
if (!ssl3_output_cert_chain(s, pkt, cpk)) {
|
||||
/* SSLfatal() already called */
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
|
||||
return 1;
|
||||
return CON_FUNC_SUCCESS;
|
||||
}
|
||||
|
||||
static int create_ticket_prequel(SSL_CONNECTION *s, WPACKET *pkt,
|
||||
|
@ -3696,13 +3701,10 @@ static int create_ticket_prequel(SSL_CONNECTION *s, WPACKET *pkt,
|
|||
return 1;
|
||||
}
|
||||
|
||||
/*
|
||||
* Returns 1 on success, 0 to abort construction of the ticket (non-fatal), or
|
||||
* -1 on fatal error
|
||||
*/
|
||||
static int construct_stateless_ticket(SSL_CONNECTION *s, WPACKET *pkt,
|
||||
uint32_t age_add,
|
||||
unsigned char *tick_nonce)
|
||||
static CON_FUNC_RETURN construct_stateless_ticket(SSL_CONNECTION *s,
|
||||
WPACKET *pkt,
|
||||
uint32_t age_add,
|
||||
unsigned char *tick_nonce)
|
||||
{
|
||||
unsigned char *senc = NULL;
|
||||
EVP_CIPHER_CTX *ctx = NULL;
|
||||
|
@ -3715,7 +3717,8 @@ static int construct_stateless_ticket(SSL_CONNECTION *s, WPACKET *pkt,
|
|||
SSL_CTX *tctx = s->session_ctx;
|
||||
unsigned char iv[EVP_MAX_IV_LENGTH];
|
||||
unsigned char key_name[TLSEXT_KEYNAME_LENGTH];
|
||||
int iv_len, ok = -1;
|
||||
int iv_len;
|
||||
CON_FUNC_RETURN ok = CON_FUNC_ERROR;
|
||||
size_t macoffset, macendoffset;
|
||||
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
|
||||
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
|
||||
|
@ -3804,7 +3807,7 @@ static int construct_stateless_ticket(SSL_CONNECTION *s, WPACKET *pkt,
|
|||
* ticket
|
||||
*/
|
||||
if (SSL_CONNECTION_IS_TLS13(s)) {
|
||||
ok = 0;
|
||||
ok = CON_FUNC_DONT_SEND;
|
||||
goto err;
|
||||
}
|
||||
/* Put timeout and length */
|
||||
|
@ -3816,7 +3819,7 @@ static int construct_stateless_ticket(SSL_CONNECTION *s, WPACKET *pkt,
|
|||
OPENSSL_free(senc);
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
ssl_hmac_free(hctx);
|
||||
return 1;
|
||||
return CON_FUNC_SUCCESS;
|
||||
}
|
||||
if (ret < 0) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_CALLBACK_FAILED);
|
||||
|
@ -3893,7 +3896,7 @@ static int construct_stateless_ticket(SSL_CONNECTION *s, WPACKET *pkt,
|
|||
goto err;
|
||||
}
|
||||
|
||||
ok = 1;
|
||||
ok = CON_FUNC_SUCCESS;
|
||||
err:
|
||||
OPENSSL_free(senc);
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
|
@ -3934,7 +3937,7 @@ static void tls_update_ticket_counts(SSL_CONNECTION *s)
|
|||
s->ext.extra_tickets_expected--;
|
||||
}
|
||||
|
||||
int tls_construct_new_session_ticket(SSL_CONNECTION *s, WPACKET *pkt)
|
||||
CON_FUNC_RETURN tls_construct_new_session_ticket(SSL_CONNECTION *s, WPACKET *pkt)
|
||||
{
|
||||
SSL_CTX *tctx = s->session_ctx;
|
||||
unsigned char tick_nonce[TICKET_NONCE_SIZE];
|
||||
|
@ -3942,7 +3945,7 @@ int tls_construct_new_session_ticket(SSL_CONNECTION *s, WPACKET *pkt)
|
|||
unsigned char age_add_c[sizeof(uint32_t)];
|
||||
uint32_t age_add;
|
||||
} age_add_u;
|
||||
int ret = 0;
|
||||
CON_FUNC_RETURN ret = CON_FUNC_ERROR;
|
||||
|
||||
age_add_u.age_add = 0;
|
||||
|
||||
|
@ -4042,13 +4045,14 @@ int tls_construct_new_session_ticket(SSL_CONNECTION *s, WPACKET *pkt)
|
|||
goto err;
|
||||
}
|
||||
} else {
|
||||
int tmpret;
|
||||
CON_FUNC_RETURN tmpret;
|
||||
|
||||
tmpret = construct_stateless_ticket(s, pkt, age_add_u.age_add,
|
||||
tick_nonce);
|
||||
if (tmpret != 1) {
|
||||
if (tmpret == 0) {
|
||||
ret = 2; /* Non-fatal. Abort construction but continue */
|
||||
if (tmpret != CON_FUNC_SUCCESS) {
|
||||
if (tmpret == CON_FUNC_DONT_SEND) {
|
||||
/* Non-fatal. Abort construction but continue */
|
||||
ret = CON_FUNC_DONT_SEND;
|
||||
/* We count this as a success so update the counts anwyay */
|
||||
tls_update_ticket_counts(s);
|
||||
}
|
||||
|
@ -4068,7 +4072,7 @@ int tls_construct_new_session_ticket(SSL_CONNECTION *s, WPACKET *pkt)
|
|||
ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
|
||||
}
|
||||
|
||||
ret = 1;
|
||||
ret = CON_FUNC_SUCCESS;
|
||||
err:
|
||||
return ret;
|
||||
}
|
||||
|
@ -4089,14 +4093,14 @@ int tls_construct_cert_status_body(SSL_CONNECTION *s, WPACKET *pkt)
|
|||
return 1;
|
||||
}
|
||||
|
||||
int tls_construct_cert_status(SSL_CONNECTION *s, WPACKET *pkt)
|
||||
CON_FUNC_RETURN tls_construct_cert_status(SSL_CONNECTION *s, WPACKET *pkt)
|
||||
{
|
||||
if (!tls_construct_cert_status_body(s, pkt)) {
|
||||
/* SSLfatal() already called */
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
|
||||
return 1;
|
||||
return CON_FUNC_SUCCESS;
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_NEXTPROTONEG
|
||||
|
@ -4135,15 +4139,16 @@ MSG_PROCESS_RETURN tls_process_next_proto(SSL_CONNECTION *s, PACKET *pkt)
|
|||
}
|
||||
#endif
|
||||
|
||||
static int tls_construct_encrypted_extensions(SSL_CONNECTION *s, WPACKET *pkt)
|
||||
static CON_FUNC_RETURN tls_construct_encrypted_extensions(SSL_CONNECTION *s,
|
||||
WPACKET *pkt)
|
||||
{
|
||||
if (!tls_construct_extensions(s, pkt, SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS,
|
||||
NULL, 0)) {
|
||||
/* SSLfatal() already called */
|
||||
return 0;
|
||||
return CON_FUNC_ERROR;
|
||||
}
|
||||
|
||||
return 1;
|
||||
return CON_FUNC_SUCCESS;
|
||||
}
|
||||
|
||||
MSG_PROCESS_RETURN tls_process_end_of_early_data(SSL_CONNECTION *s, PACKET *pkt)
|
||||
|
|
Loading…
Reference in New Issue